Wikipedia

Computer crime countermeasures

Cyber crime, or computer crime, refers to any crime that involves a computer and a network.[1] The computer may have been used in the commission of a crime, or it may be the target. Netcrime refers, more precisely, to criminal exploitation of the Internet.[2] Issues surrounding this type of crime have become high-profile, particularly those surrounding hacking, copyright infringement, identity theft, child pornography, and child grooming. There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise.

On the global level, both governments and non-state actors continue to grow in importance, with the ability to engage in such activities as espionage, and other cross-border attacks sometimes referred to as cyber warfare. The international legal system is attempting to hold actors accountable for their actions, with the International Criminal Court among the few addressing this threat.[3]

A cyber countermeasure is defined as an action, process, technology, device, or system that serves to prevent or mitigate the effects of a cyber attack against a victim, computer, server, network or associated device.[4] Recently there has been an increase in the number of international cyber attacks. In 2013 there was a 91% increase in targeted attack campaigns and a 62% increase in security breaches.[5]

A number of countermeasures exist that can be effectively implemented in order to combat cyber-crime and increase security.

Types of threats

Malicious code

Malicious code is a broad category that encompasses a number of threats to cyber-security. In essence it is any “hardware, software, or firmware that is intentionally included or inserted in a system for a harmful purpose.”[6] Commonly referred to as malware, it includes computer viruses, worms, Trojan horses, keyloggers, bots, rootkits, and any software security exploits.[7]

Malicious code also includes spyware, which are deceptive programs, installed without authorization, “that monitor a consumer’s activities without their consent.”[8] Spyware can be used to send users unwanted popup ads, to usurp the control of a user’s Internet browser, or to monitor a user’s online habits. However, spyware is usually installed along with something that the user actually wishes to install. The user consents to the installation, but does not consent to the monitoring tactics of the spyware. The consent for spyware is normally found in the end-user license agreement.[8]

Network attacks

A network attack is considered to be any action taken to disrupt, deny, degrade, or destroy information residing on a computer and computer networks.[9] An attack can take four forms: fabrication, interception, interruption, and modification. A fabrication is the “creation of some deception in order to deceive some unsuspecting user”; an interception is the “process of intruding into some transmission and redirecting it for some unauthorized use”; an interruption is the “break in a communication channel, which inhibits the transmission of data”; and a modification is “the alteration of the data contained in the transmissions.”[6] Attacks can be classified as either active or passive. Active attacks involve modification of the transmission or attempts to gain unauthorized access to a system, while passive attacks involve monitoring transmissions. Either form can be used to obtain information about a user, which can later be used to steal that user’s identity. Common forms of network attacks include Denial of Service (DoS) and Distributed Denial of Service (DDoS), man-in-the-middle attacks, packet sniffing, TCP SYN flood, ICMP flood, IP spoofing, and even simple web defacement.[10]

Network abuse

Network abuses are activities which violate a network's acceptable use policy and are generally considered fraudulent activity that is committed with the aid of a computer. Spam is one of the most common forms of network abuse, where an individual will email a list of users, usually with unsolicited advertisements or with phishing attacks that attempt to use social engineering to acquire sensitive information, such as any information useful in identity theft, usernames, passwords, and so on, by posing as a trustworthy individual.

Social engineering

Social engineering is the act of manipulating people into performing actions or divulging confidential information, rather than breaking in or using technical cracking techniques.[11] This method of deception is commonly used by individuals attempting to break into computer systems, by posing as an authoritative or trusted party and capturing access information from the naive target.[12] Email phishing is a common example of social engineering's application, but it is not limited to this single type of attack.

Technical

There are a variety of different technical countermeasures that can be deployed to thwart cybercriminals and harden systems against attack. Firewalls, network or host based, are considered the first line of defense in securing a computer network by setting Access Control Lists (ACLs) determining which services and traffic can pass through the check point.[13]

Antivirus can be used to prevent propagation of malicious code. Most computer viruses have similar characteristics which allow for signature based detection. Heuristics such as file analysis and file emulation are also used to identify and remove malicious programs. Virus definitions should be regularly updated in addition to applying operating system hotfixes, service packs, and patches to keep computers on a network secure.[14]

Cryptography techniques can be employed to encrypt information using an algorithm commonly called a cipher to mask information in storage or transit. Tunneling, for example, will take a payload protocol such as Internet Protocol (IP) and encapsulate it in an encrypted delivery protocol over a Virtual Private Network (VPN), Secure Sockets Layer (SSL), Transport Layer Security (TLS), Layer 2 Tunneling Protocol (L2TP), Point-to-Point Tunneling Protocol (PPTP), or Internet Protocol Security (IPSec) to ensure data security during transmission. Encryption can also be employed on the file level using ciphers such as Data Encryption Standard (DES), Triple DES, or Advanced Encryption Standard (AES) to ensure security of information in storage.[15]

Additionally, network vulnerability testing, performed by technicians or automated programs, can be run at full scale or targeted at specific devices, systems, and passwords used on a network to assess how secure they are.[16] Furthermore, network monitoring tools can be used to detect intrusions or suspicious traffic on both large and small networks.[17]

Physical deterrents such as locks, card access keys, or biometric devices can be used to prevent criminals from gaining physical access to a machine on a network. Strong password protection, both for access to a computer system and for the computer's BIOS, is also an effective countermeasure against cyber-criminals with physical access to a machine.[18]

Another deterrent is to use a bootable bastion host that executes a web browser in a known clean and secure operating environment. The host is devoid of any known malware, data is never stored on the device, and the media cannot be overwritten. The kernel and programs are guaranteed to be clean at each boot. Some solutions have been used to create secure hardware browsers to protect users while accessing online banking.

Counter-Terror Social Network Analysis and Intent Recognition

The Counter-Terror Social Network Analysis and Intent Recognition (CT-SNAIR) project uses the Terrorist Action Description Language (TADL) to model and simulate terrorist networks and attacks. It also models links identified in communication patterns compiled from multimedia data, and terrorists’ activity patterns are compiled from databases of past terrorist threats.[19] Unlike other proposed methods, CT-SNAIR constantly interacts with the user, who uses the system both to investigate and to refine hypotheses.[19]

Multimedia data, such as voice, text, and network session data, is compiled and processed. Through this compilation and processing, names, entities, relationships, and individual events are extracted from the multimedia data. This information is then used to perform a social network analysis on the criminal network, through which the user can detect and track threats in the network. The social network analysis directly influences and is influenced by the intent recognition process, in which the user can recognize and detect threats. In the CT-SNAIR process, data and transactions from prior attacks, or forensic scenarios, are compiled to form a sequential list of transactions for a given terrorism scenario.

The CT-SNAIR process also includes generating data from hypothetical scenarios. Since they are imagined and computer-generated, hypothetical scenarios do not have any transaction data representing terrorism scenarios.[19] Different types of transactions combine to represent the types of relationships between individuals.

The final product, or target social network, is a weighted multiplex graph in which the types of edges (links) are defined by the types of transactions within the social network.[20] The weights within these graphs are determined by the content-extraction algorithm, in which each type of link is thought of as a separate graph and “is fed into social network algorithms in part or as a whole.”[20] Links between two individuals can be determined by the existence of (or lack of) the two people being mentioned within the same sentence in the compiled multimedia data or in relation to the same group or event.[21]
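The data structure described above can be sketched in a few lines. The following is an added example, not CT-SNAIR code: it builds one graph layer per transaction type plus a co-mention layer from sentences, then feeds either one layer or the merged whole into a simple social network measure (weighted degree). Using occurrence counts as edge weights is an assumption made here, and the names, link types and text are constructed.

```python
"""Added example: a weighted multiplex graph built from typed transactions."""
import re
from collections import defaultdict
from itertools import combinations

# Constructed sample data; names, link types and sentences are illustrative.
TRANSACTIONS = [
    ("phone_call", "Avery", "Blake"),
    ("phone_call", "Avery", "Blake"),
    ("phone_call", "Blake", "Casey"),
    ("wire_transfer", "Casey", "Avery"),
    ("wire_transfer", "Casey", "Drew"),
]
TEXT = ("Avery met Blake at the depot. Casey was not present. "
        "Blake later wrote to Casey and Drew. Avery and Blake left together.")
ENTITIES = ["Avery", "Blake", "Casey", "Drew"]


def pair(a, b):
    """Undirected edge key: the two endpoints in sorted order."""
    return tuple(sorted((a, b)))


def build_layers(transactions):
    """One layer per transaction type; weight = number of transactions (assumed)."""
    layers = defaultdict(lambda: defaultdict(int))
    for link_type, a, b in transactions:
        layers[link_type][pair(a, b)] += 1
    return {name: dict(edges) for name, edges in layers.items()}


def co_mention_layer(text, entities):
    """Link two entities each time both are named in the same sentence."""
    edges = defaultdict(int)
    for sentence in re.split(r"(?<=[.!?])\s+", text.strip()):
        found = sorted(e for e in entities
                       if re.search(rf"\b{re.escape(e)}\b", sentence))
        for a, b in combinations(found, 2):
            edges[(a, b)] += 1
    return dict(edges)


def aggregate(layers, selected=None):
    """Merge all layers, or only those named in `selected`, summing weights."""
    merged = defaultdict(int)
    for name, edges in layers.items():
        if selected is None or name in selected:
            for edge, weight in edges.items():
                merged[edge] += weight
    return dict(merged)


def weighted_degree(edges):
    """Sum of edge weights touching each node."""
    degree = defaultdict(int)
    for (a, b), weight in edges.items():
        degree[a] += weight
        degree[b] += weight
    return dict(degree)


def build_sample_graph():
    layers = build_layers(TRANSACTIONS)
    layers["co_mention"] = co_mention_layer(TEXT, ENTITIES)
    return layers


if __name__ == "__main__":
    graph = build_sample_graph()
    for name, edges in graph.items():
        print(name, edges)
    print("whole graph:", weighted_degree(aggregate(graph)))
    print("phone_call only:", weighted_degree(aggregate(graph, {"phone_call"})))
```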

The final component in the CT-SNAIR process is Intent Recognition (IR). The goal of this component is to indicate to an analyst the threats that a transaction stream might contain.[22] Intent Recognition breaks down into three subcategories: detection of “known or hypothetical target scenarios,” prioritization of these target scenarios, and interpretation “of the resulting detection.”[22]

Economic

The optimal level of cyber-security depends largely on the incentives facing providers and the incentives facing perpetrators. Providers make their decisions based on the economic payoff and cost of increased security, whereas perpetrators' decisions are based on the economic gain and cost of cyber-crime. Potential prisoner’s dilemmas, public goods, and negative externalities become sources of cyber-security market failure when private returns to security are less than the social returns. Therefore, the higher the ratio of public to private benefit, the stronger the case for enacting new public policies to realign incentives for actors to fight cyber-crime with increased investment in cyber-security.[23]

Legal

In the United States a number of legal statutes define and detail the conditions for prosecution of a cyber-crime. They are used not only as a legal countermeasure but also function as a behavioral check against the commission of a cyber-crime. Many of the provisions outlined in these acts overlap with each other.

The Computer Fraud and Abuse Act

The Computer Fraud and Abuse Act, passed in 1986, is one of the broadest statutes in the US used to combat cyber-crime. It has been amended a number of times, most recently by the US Patriot Act of 2002 and the Identity Theft Enforcement and Restitution Act of 2008. Within it is the definition of a “protected computer” used throughout the US legal system to further define computer espionage, computer trespassing, and taking of government, financial, or commerce information, trespassing in a government computer, committing fraud with a protected computer, damaging a protected computer, trafficking in passwords, threatening to damage a protected computer, conspiracy to commit a cyber-crime, and the penalties for violation.[24] The 2002 update on the Computer Fraud and Abuse Act expands the act to include the protection of “information from any protected computer if the conduct involved an interstate or foreign communication.”[8]

The Digital Millennium Copyright Act

The Digital Millennium Copyright Act, passed in 1998, is a United States copyright law that criminalizes the production and dissemination of technology, devices, or services intended to circumvent Digital Rights Management (DRM), and circumvention of access control.[25]

The Electronic Communications Privacy Act

The Electronic Communications Privacy Act of 1986 extends the government restrictions on wiretaps from telephones. This law is generally thought of from the perspective of what law enforcement may do to intercept communications, but it also pertains to how an organization may draft its acceptable use policies and monitor communications.[26]

The Stored Communications Act

The Stored Communications Act passed in 1986 is focused on protecting the confidentiality, integrity and availability of electronic communications that are currently in some form of electronic storage. This law was drafted with the purpose of protecting the privacy of e-mails and other electronic communications.[27]

Identity Theft and Aggravated Identity Theft

The Identity Theft and Aggravated Identity Theft statute is a subsection of the Identification and Authentication Fraud statute. It defines the conditions under which an individual has violated identity theft laws.[28]

Identity Theft and Assumption Deterrence Act

Identity theft was declared unlawful by the federal Identity Theft and Assumption Deterrence Act of 1998 (ITADA). Criminals knowingly transferring or using, without lawful authority, “a means of identification of another person with the intent to commit, or to aid abet, any unlawful activity that constitutes a violation of federal law, or that constitutes a felony under any applicable State or local law.”[29] Penalties of the ITADA include up to 15 years in prison and a maximum fine of $250,000 and directly reflect the amount of damage caused by the criminal’s actions and their amount of planning and intent.[8]

Gramm-Leach-Bliley Act

The Gramm-Leach-Bliley Act (GLBA) requires that financial institutions and credit agencies increase the security of systems that contain their customers’ personal information. It mandates that all financial institutions “design, implement, and maintain safeguards to protect customer information.”[30]

Internet Spyware Prevention Act

The Internet Spyware Prevention Act (I-SPY) prohibits the implementation and use of spyware and adware. I-SPY also includes a sentence for “intentionally accessing a computer with the intent to install unwanted software.”[31]

Access Device Fraud Statutes

18 U.S.C. § 1029 outlines 10 different offenses concerning device fraud that an offender could commit. These offenses include:

  • Knowingly trafficking in a counterfeit access device
  • Trafficking the counterfeit access device with the intention of committing fraud
  • Possessing more than 15 devices with the purpose to defraud
  • Production/possession/trafficking in equipment to create access devices if the intent is to defraud
  • Receiving payment from an individual in excess of $1,000 in a one-year period who was found using illegal access devices
  • Solicitation of another individual with offers to sell illegal access devices
  • Distributing or possessing an altered telecommunication device for the purpose of obtaining unauthorized telecommunication services
  • Production, possession, or trafficking in a scanning receiver
  • Using or possessing a telecommunication device that has been knowingly altered to provide unauthorized access to a telecommunication service
  • Using a credit card which was illegally obtained and used to purchase goods and services

[32]

CAN-SPAM Act

The CAN-SPAM Act of 2003 establishes the United States' first national standards for the sending of commercial e-mail and requires the Federal Trade Commission (FTC) to enforce its provisions.[33][34]

Wire Fraud Statute

The wire fraud statute outlined in 18 U.S.C. § 1343 applies to crimes committed over different types of electronic medium such as telephone and network communications.[35]

Communications Interference Statutes

The communications interference statute listed in 18 U.S.C. § 1362 defines a number of acts under which an individual can be charged with a telecommunications-related crime, including:

  • Maliciously destroying a property such as cable, system, or other means of communication that is operated or controlled by the United States
  • Maliciously destroying a property such as cable, system, or other means of communication that is operated or controlled by the United States Military
  • Willfully interfering in the working or use of a communications line
  • Willfully obstructing or delaying communication transmission over a communications line
  • Conspiracy to commit any of the above listed acts

[36]

Behavioral

Behavioral countermeasures can also be an effective tool in combating cyber-crime. Public awareness campaigns can educate the public on the various threats of cyber-crime and the many methods used to combat it. It is also here that businesses can make use of IT policies to help educate and train workers on the importance of, and practices used to ensure, electronic security, such as strong password use, the importance of regular patching of security exploits, signs of phishing attacks and malicious code, etc.[37]

California, Virginia, and Ohio have implemented services for victims of identity theft, though these are not well publicized. California has a registry for victims with a confirmed identity theft. Once registered, people can request that law enforcement officers call a number staffed 24 hours, year round, to “verify they are telling the truth about their innocence.”[38] In Virginia and Ohio, victims of identity theft are issued a special passport to prove their innocence. However, these passports run the same risk as every other form of identification in that they can eventually be duplicated.[38]

Financial agencies such as banks and credit bureaus are starting to require verification of data that identity thieves cannot easily obtain. This data includes users’ past addresses and income tax information.[38] In the near future, it will also include the data located through use of biometrics. Biometrics is the use “of automated methods for uniquely recognizing humans based upon … intrinsic physical or behavioral traits.”[38] These methods include iris scans, voice identification, and fingerprint authentication. The First Financial Credit Union has already implemented biometrics in the form of fingerprint authentication in their automated teller machines to combat identity theft. With a similar purpose, Great Britain has announced plans to incorporate computer chips with biometric data into their passports.[38] However, the greatest problem with the implementation of biometrics is the possibility of privacy invasion.

US agents

Government

Private organizations

Public–private partnerships

See also

Government resources

  • Cybercrime.gov from the United States Department of Justice
  • National Institute of Justice Electronic Crime Program from the United States Department of Justice
  • FBI Cyber Investigations home page
  • US Secret Service Computer Fraud
  • The Internet Crime Complaint Center (IC3)
  • Bureau of Alcohol Tobacco and Firearms
  • U.S. Computer Emergency Readiness Team (U.S. CERT)

References

  1. ^ Moore, R. (2005) "Cybercrime: Investigating High-Technology Computer Crime," Cleveland, Mississippi: Anderson Publishing.
  2. ^ Mann and Sutton 1998: Netcrime: More change in the Organization of Thieving. British Journal of Criminology; 38: 201-229.
  3. ^ Ophardt, Jonathan A. "Cyber warfare and the crime of aggression: the need for individual accountability on tomorrow's battlefield" Duke Law and Technology Review, February 23, 2010
  4. ^ Coleman, Kevin (2009-04-15). "Cyber Attacks on Supply Chain Systems". defensetech.org. Retrieved 2 May 2011.
  5. ^ "Why the US Needs More Cyber Professionals". Norwich University. Retrieved 23 October 2014.
  6. ^ a b Newman, R. (2006) Cybercrime, Identity Theft, and Fraud: Practicing Safe Internet – Network Security Threats and Vulnerabilities. Proceedings of the 3rd Annual Conference on Information Security Curriculum Development. Kennesaw, GA: ACM. p. 69.
  7. ^ Skandier, Quentin Docter, Emmett Dulaney, Toby (2009). CompTIA A+ complete study guide. Indianapolis, Ind.: Wiley Pub. ISBN 978-0-470-48649-8.
  8. ^ a b c d Loibl, T. (2005) Identity Theft, Spyware, and the Law. Proceedings of the 2nd Annual Conference on Information Security Curriculum Development. Kennesaw, GA: ACM. p. 119.
  9. ^ Joint Chiefs of Staff. "Joint Publication 3-13 Information Operations (Feb. 13 2006)" (PDF). Retrieved 29 April 2011.
  10. ^ Odom, Wendell (2008). CCENT/CCNA ICND1 (2nd ed.). Indianapolis, Ind.: Cisco Press. ISBN 978-1-58720-182-0.
  11. ^ Goodchild, Joan (January 11, 2010). "Social Engineering: The Basics". csoonline. Retrieved 14 January 2010.
  12. ^ Vincentas (11 July 2013). . Spyware Loop. Archived from the original on 22 September 2013. Retrieved 28 July 2013.
  13. ^ Firewall http://www.tech-faq.com/firewall.html
  14. ^ Glenn, Walter; Tony Northrup (2006). MCDST self-paced training kit (exam 70-271) : supporting users and troubleshooting a Microsoft Windows XP operating system (2nd ed.). Redmond, Wash.: Microsoft Press. ISBN 978-0-7356-2227-2.
  15. ^ Lammle, Todd (2009). CompTIA Network+. Wiley Publishing, Inc. pp. 427–434. ISBN 978-0-470-42747-7.
  16. ^ (PDF). Verisign. Archived from the original (PDF) on 4 October 2011. Retrieved 29 April 2011.
  17. ^ Cottrell, Les. "Network Monitoring Tools". SLAC. Retrieved 29 April 2011.
  18. ^ Doctor, Quentin; Emmet Dulaney; Toby Skandier (2009). CompTIA A+. Indianapolis, Indiana: Wiley Publishing Inc. pp. 560–563. ISBN 978-0-470-48649-8.
  19. ^ a b c Weinstein, C., et al. (2009) Modeling and Detection Techniques for Counter-Terror Social Network Analysis and Intent Recognition. Proceedings from the Aerospace Conference. Piscataway, NJ: IEEE. p. 2.
  20. ^ a b Weinstein, C., et al. (2009) Modeling and Detection Techniques for Counter-Terror Social Network Analysis and Intent Recognition. Proceedings from the Aerospace Conference. Piscataway, NJ: IEEE. p. 7.
  21. ^ Weinstein, C., et al. (2009) Modeling and Detection Techniques for Counter-Terror Social Network Analysis and Intent Recognition. Proceedings from the Aerospace Conference. Piscataway, NJ: IEEE. p. 8.
  22. ^ a b Weinstein, C., et al. (2009) Modeling and Detection Techniques for Counter-Terror Social Network Analysis and Intent Recognition. Proceedings from the Aerospace Conference. Piscataway, NJ: IEEE. p. 10.
  23. ^ Corde, Joseph. (PDF). Archived from the original (PDF) on 23 March 2012. Retrieved 2 May 2011.
  24. ^ 18 U.S.C. § 1030
  25. ^ 17 U.S.C. §§ 512, 1201–1205, 1301–1332;
  26. ^ 18 U.S.C. § 2510-2511
  27. ^ 18 U.S.C. § 2701 - 2712
  28. ^ 18 U.S.C. § 1028
  29. ^ Luong, K. (2006) The other side of identity theft: Not just a financial concern. Proceedings of the 3rd Annual Conference on Information Security Curriculum Development. Kennesaw, GA: ACM. p. 154.
  30. ^ Novak, C. (2007) Investigative response: After the breach. Computers & Security. v. 26, n. 2, p. 183.
  31. ^ Loibl, T. (2005) Identity Theft, Spyware, and the Law. Proceedings of the 2nd Annual Conference on Information Security Curriculum Development. Kennesaw, GA: ACM. p. 120.
  32. ^ 18 U.S.C. § 1029
  33. ^ 15 U.S.C. 7701, et seq.
  34. ^ 18 U.S.C. § 1037
  35. ^ 18 U.S.C. § 1343
  36. ^ 18 U.S.C. § 1362
  37. ^ McLachlan, Phara. "The Importance of Policy Management". ITSM Watch. Retrieved 1 May 2011.
  38. ^ a b c d e Luong, K. (2006) The other side of identity theft: Not just a financial concern. Proceedings of the 3rd Annual Conference on Information Security Curriculum Development. Kennesaw, GA: ACM. p. 153

External links

  • Carnegie Mellon University CSIRT
  • Empirical Study of Email Security Threats and Countermeasures

security 23 Legal edit In the United States a number of legal statutes define and detail the conditions for prosecution of a cyber crime and are used not only as a legal counter measure but also functions as a behavioral check against the commission of a cyber crime Many of the provisions outlined in these acts overlap with each The Computer Fraud and Abuse Act edit The Computer Fraud and Abuse Act passed in 1986 is one of the broadest statutes in the US used to combat cyber crime It has been amended a number of times most recently by the US Patriot Act of 2002 and the Identity theft enforcement and Restitution Act of 2008 Within it is the definition of a protected computer used throughout the US legal system to further define computer espionage computer trespassing and taking of government financial or commerce information trespassing in a government computer committing fraud with a protected computer damaging a protected computer trafficking in passwords threatening to damage a protected computer conspiracy to commit a cyber crime and the penalties for violation 24 The 2002 update on the Computer Fraud and Abuse Act expands the act to include the protection of information from any protected computer if the conduct involved an interstate or foreign communication 8 The Digital Millennium Copyright Act edit The Digital Millennium Copyright Act passed in 1998 is a United States copyright law that criminalizes the production and dissemination of technology devices or services intended circumvent Digital Rights Management DRM and circumvention of access control 25 The Electronic Communications Privacy Act edit The Electronic Communications Privacy Act of 1986 extends the government restrictions on wiretaps from telephones This law is generally thought in the perspective of what law enforcement may do to intercept communications but it also pertains to how an organization may draft their acceptable use policies and monitor communications 26 The Stored Communications Act 
edit The Stored Communications Act passed in 1986 is focused on protecting the confidentiality integrity and availability of electronic communications that are currently in some form of electronic storage This law was drafted with the purpose of protecting the privacy of e mails and other electronic communications 27 Identity Theft and Aggravated Identity Theft edit The Identity Theft and Aggravated Identity Theft statute is a subsection of the Identification and Authentication Fraud statute It defines the conditions under which an individual has violated identity theft laws 28 Identity Theft and Assumption Deterrence Act edit Identity theft was declared unlawful by the federal Identity Theft and Assumption Deterrence Act of 1998 ITADA Criminals knowingly transferring or using without lawful authority a means of identification of another person with the intent to commit or to aid abet any unlawful activity that constitutes a violation of federal law or that constitutes a felony under any applicable State or local law 29 Penalties of the ITADA include up to 15 years in prison and a maximum fine of 250 000 and directly reflect the amount of damage caused by the criminal s actions and their amount of planning and intent 8 Gramm Leach Bliley Act edit The Gramm Leach Bliley Act GLBA requires that financial institutions and credit agencies increase the security of systems that contain their customers personal information It mandates that all financial institutions design implement and maintain safeguards to protect customer information 30 Internet Spyware Prevention Act edit The Internet Spyware Prevention Act I SPY prohibits the implementation and use of spyware and adware I SPY also includes a sentence for intentionally accessing a computer with the intent to install unwanted software 31 Access Device Fraud Statutes edit 18 U S C 1029 outlines 10 different offenses under which an offender could violate concerning device fraud These offenses include Knowingly 
trafficking in a counterfeit access device Trafficking the counterfeit access device with the intention to committing fraud Possessing more than 15 devices with the purpose to defraud Production possession trafficking in equipment to create access devices if the intent is to defraud Receiving payment from an individual in excess of 1 000 in a one year period who was found using illegal access devices Solicitation of another individual with offers to sell illegal access devices Distributing or possessing an altered telecommunication device for the purpose of obtaining unauthorized telecommunication services Production possession or trafficking in a scanning receiver Using or possessing a telecommunication device that has been knowingly altered to provide unauthorized access to a telecommunication service Using a credit card which was illegally obtained and used to purchase goods and services 32 CAN SPAM Act edit The CAN SPAM Act of 2003 establishes the United States first national standards for the sending of commercial e mail and requires the Federal Trade Commission FTC to enforce its provisions 33 34 Wire Fraud Statute edit The Wire fraud statute outlined in 18 U S C 1343 applies to crimes committed over different types of electronic medium such as telephone and network communications 35 Communications Interference Statutes edit The communications interference statute listed in 18 U S C 1362 defines a number of acts under which and individual can be charged with a telecommunications related crime including Maliciously destroying a property such as cable system or other means of communication that is operated or controlled by the United States Maliciously destroying a property such as cable system or other means of communication that is operated or controlled by the United States Military Willfully interfering in the working or use of a communications line Willfully obstructing or delaying communication transmission over a communications line Conspiracy to commit 
any of the above listed acts 36 Behavioral edit Behavioral countermeasures can also be an effective tool in combating cyber crime Public awareness campaigns can educate the public on the various threats of cyber crime and the many methods used to combat it It is also here that businesses can also make us of IT policies to help educate and train workers on the importance and practices used to ensure electronic security such as strong password use the importance of regular patching of security exploits signs of phishing attacks and malicious code etc 37 California Virginia and Ohio have implemented services for victims of identity theft though not well publicized California has a registry for victims with a confirmed identity theft Once registered people can request law enforcement officers call a number staffed 24 hours year round to verify they are telling the truth about their innocence 38 In Virginia and Ohio victims of identity theft are issued a special passport to prove their innocence However these passports run the same risk as every other form of identification in that they can eventually be duplicated 38 Financial agencies such as banks and credit bureaus are starting to require verification of data that identity thieves cannot easily obtain This data includes users past addresses and income tax information 38 In the near future it will also include the data located through use of biometrics Biometrics is the use of automated methods for uniquely recognizing humans based upon intrinsic physical or behavioral traits 38 These methods include iris scans voice identification and fingerprint authentication The First Financial Credit Union has already implemented biometrics in the form of fingerprint authentication in their automated teller machines to combat identity theft With a similar purpose Great Britain has announced plans to incorporate computer chips with biometric data into their passports 38 However the greatest problem with the implementation of 
biometrics is the possibility of privacy invasion US agents editGovernment edit Federal Trade Commission FTC Federal Bureau of Investigation FBI Bureau of Alcohol Tobacco and Firearms ATF Federal Communications Commission FCC Private organizations edit Antivirus security firms Internet service providers ISPs Messaging Anti Abuse Working Group MAAWG IT consultants Computer emergency response teamsPublic private partnerships edit CERT Coordination Center Carnegie Mellon University United States Computer Emergency Readiness Team US CERT See also editCyberwarfare Security hacker Computer security Interpol Antivirus software Common Vulnerabilities and Exposures CVE Common Vulnerability Scoring System CVSS Information security Countermeasure Internet kill switch Cyber security and countermeasureGovernment resources editCybercrime gov from the United States Department of Justice National Institute of Justice Electronic Crime Program from the United States Department of Justice FBI Cyber Investigations home page US Secret Service Computer Fraud The Internet Crime Complaint Center IC3 Bureau of Alcohol Tobacco and Firearms U S Computer Emergency Readiness Team U S CERT References edit Moore R 2005 Cybercrime Investigating High Technology Computer Crime Cleveland Mississippi Anderson Publishing Mann and Sutton 1998 gt gt Netcrime More change in the Organization of Thieving British Journal of Criminology 38 201 229 Oxfordjournals org Ophardt Jonathan A Cyber warfare and the crime of aggression the need for individual accountability on tomorrow s battlefield Duke Law and Technology Review February 23 2010 Coleman Kevin 2009 04 15 Cyber Attacks on Supply Chain Systems defensetech org Retrieved 2 May 2011 Why the US Needs More Cyber Professionals Norwich University Retrieved 23 October 2014 a b Newman R 2006 Cybercrime Identity Theft and Fraud Practicing Safe Internet Network Security Threats and Vulnerabilities Proceedings of the 3rd Annual Conference on Information Security 
Curriculum Development Kennesaw GA ACM p 69 Skandier Quentin Docter Emmett Dulaney Toby 2009 CompTIA A complete study guide Indianapolis Ind Wiley Pub ISBN 978 0 470 48649 8 a href Template Cite book html title Template Cite book cite book a CS1 maint multiple names authors list link a b c d Loibl T 2005 Identity Theft Spyware and the Law Proceedings of the 2nd Annual Conference on Information Security Curriculum Development Kennesaw GA ACM p 119 Joint Chiefs of Staff Joint Publication 3 13 Information Operations Feb 13 2006 PDF Retrieved 29 April 2011 Odom Wendell 2008 CCENT CCNA ICND1 2nd ed Indianapolis Ind Cisco Press ISBN 978 1 58720 182 0 Goodchild Joan January 11 2010 Social Engineering The Basics csoonline Retrieved 14 January 2010 Vincentas 11 July 2013 Cybercrime and Countermeasures in SpyWareLoop com Spyware Loop Archived from the original on 22 September 2013 Retrieved 28 July 2013 Firewall http www tech faq com firewall html Glenn Walter Tony Northrup 2006 MCDST self paced training kit exam 70 271 supporting users and troubleshooting a Microsoft Windows XP operating system 2nd ed Redmond Wash Microsoft Press ISBN 978 0 7356 2227 2 Lammle Todd 2009 CompTIA Network Wiley Publishing Inc pp 427 434 ISBN 978 0 470 42747 7 An Introduction to Network Vulnerability Testing PDF Verisign Archived from the original PDF on 4 October 2011 Retrieved 29 April 2011 Cottrell Les Network Monitoring Tools SLAC Retrieved 29 April 2011 Doctor Quentin Emmet Dulaney Toby Skandier 2009 CompTIA A Indianapolis Indiana Wiley Publishing Inc pp 560 563 ISBN 978 0 470 48649 8 a b c Weinstein C et al 2009 Modeling and Detection Techniques for Counter Terror Social Network Analysis and Intent Recognition Proceedings from the Aerospace Conference Piscataway NJ IEEE p 2 a b Weinstein C et al 2009 Modeling and Detection Techniques for Counter Terror Social Network Analysis and Intent Recognition Proceedings from the Aerospace Conference Piscataway NJ IEEE p 7 Weinstein C et al 2009 
Modeling and Detection Techniques for Counter Terror Social Network Analysis and Intent Recognition Proceedings from the Aerospace Conference Piscataway NJ IEEE p 8 a b Weinstein C et al 2009 Modeling and Detection Techniques for Counter Terror Social Network Analysis and Intent Recognition Proceedings from the Aerospace Conference Piscataway NJ IEEE p 10 Corde Joseph Economics Cyber Security and Cyber Security Policy PDF Archived from the original PDF on 23 March 2012 Retrieved 2 May 2011 18 U S C 1030 17 U S C 512 1201 1205 1301 1332 18 U S C 2510 2511 18 U S C 2701 2712 18 U S C 1028 Luong K 2006 The other side of identity theft Not just a financial concern Proceedings of the 3rd Annual Conference on Information Security Curriculum Development Kennesaw GA ACM p 154 Novak C 2007 Investigative response After the breach Computers amp Security v 26 n 2 p 183 Loibl T 2005 Identity Theft Spyware and the Law Proceedings of the 2nd Annual Conference on Information Security Curriculum Development Kennesaw GA ACM p 120 18 U S C 1029 15 U S C 7701 et seq 18 U S C 1037 18 U S C 1343 18 U S C 1362 McLachlan Phara The Importance of Policy Management ITSM Watch Retrieved 1 May 2011 a b c d e Luong K 2006 The other side of identity theft Not just a financial concern Proceedings of the 3rd Annual Conference on Information Security Curriculum Development Kennesaw GA ACM p 153External links editCarnegie Mellon University CSIRT Empirical Study of Email Security Threats and Countermeasures Retrieved from https en wikipedia org w index php title Computer crime countermeasures amp oldid 1184805617 Network abuse, wikipedia, wiki, book, books, library,
